We performed a comparison between CyberArk Privileged Access Manager and One Identity Manager based on real PeerSpot user reviews.
Find out what your peers are saying about CyberArk, Delinea, BeyondTrust and others in Privileged Access Management (PAM)."The credentials management capability is key to ensuring that the credentials are kept secure and that access to them is done on a temporary and event-driven basis."
"I find value in notifications from CyberArk when passwords fail verification and have other issues."
"We like it for the ability to automatically change passwords. At least for my group, that's the best thing."
"CyberArk has resulted in a massive increase in our security footprint."
"The users have the ability to rotate passwords on a daily basis with a Reconcile Account. Or, if they want to do one-time password checkouts, we can manage those, check in, check out. I like the flexibility of the changing of the password, specifically."
"The product is an important security measure against credential theft. It ensures session isolation and password rotation including pushing passwords to the endpoints."
"We found the initial setup to be easy."
"The most valuable feature is that it always provides flexibility, password quality and one-time user check-in and check-out."
"The policy and role management features are superb. If you have a customer who is willing to go somewhere with role management, then the possibilities are endless with the product. It is well-structured, and the architecture is well-defined."
"This solution helps with compliance by having a way of controlling an audit trail, knowing how things are done, and knowing how to control who has access to what."
"The company policies feature is really good because in workflows you can check whether the policies are all working."
"The One Identity birthright process has helped generate user accounts more accurately and quickly."
"In terms of what the most valuable feature of One Identity Manager is, that would be hard to say because the tool is great overall. There's not really one feature you'd prefer over other features, but what's really great, in my opinion, is the fact that the provisioning is really stable and accurate, and it's a process my company trusts. This means that without a lot of maintenance, I can be pretty sure that as soon as my alternative source gives a new identity or gives new information about a particular identity, everything will be transformed and executed the right way. My company has tried other solutions and there's always a struggle with the provisioning system in terms of knowing what systems work, but with One Identity Manager, this issue doesn't happen. It's also a stable system which I like."
"The back-end, its capabilities, and workflows are very good."
"This solution has helped to increase employee productivity when it comes to provisioning users in our systems. This solution has been really been effective with our retail workers. It wouldn't be possible to onboard and manage our 40,000 store employees without it. The management of the solution is pretty automated."
"Business roles are one way to help companies to identify job codes and position codes. It enables the grouping and automating of certain types of access for certain departments... Doing that in One Identity Manager is a very simple task and it is very well organized."
"Its pricing is a big challenge here. When it started, the product came in at a very low cost. Now, they are the leaders in the market, so the cost has grown and is quite huge."
"It can be integrated with other systems, but it is not easy to integrate. It takes too long to integrate it. Its integration should be easier and simpler."
"Over the past seven years, I have seen a lot of ups and downs with the product."
"PAM could be more user-friendly and CyberArk could update the documentation to include more real-world examples. You have to learn it yourself through trial and error. In particular, the online documentation should have more information about troubleshooting."
"Our DevOps team is looking in the direction of cloud, because we are not in it today. We are hoping to build it with Conjur from the ground up."
"The documentation is rather basic and it is missing many use cases."
"CyberArk PAM is a very broad product as everyone's requirements for implementation are different. In our particular case, the initial implementation was planned and developed by people who didn't know our specific network requirements, so the initial implementation needed to be tweaked over time. While this is normal, at the time all these "major" changes required CyberArk professional services to come in-plant and "assist" with the changes."
"The product could be easier to use. More work needs to be done on this aspect; it is not good enough yet. It also takes up a lot of server space. Sometimes we need to use up to seven servers."
"They should offer more best practices and documentation for every functionality."
"Some internal structures are in place because of already depreciated functions back from the time when the solution was used for software deployment and as a help desk."
"We would like the product to integrate with ServiceNow, since One Identity Manager and ServiceNow are two of our better tools."
"End-user UI customization is difficult and requires some knowledge of proprietary Angular technology. Every time a customer asks us: "Hey, can we modify this form in the UI?" or "Can we integrate a new form?" it's difficult to do. It's possible and we usually do it, but coding form changes typically takes two to four weeks, depending on the changes."
"The initial setup was complex."
"Right now, they run an on-prem solution. Our preferred solution for cloud is Azure. So, we have yet to determine how we want to take this forward, because at this time, we are only using Graph APIs to do some Azure-related actions."
"A tool called Analyzer is included to assist with birthright generation. The tool isn't very user-friendly."
"One of the things we would like is the ability to have more than one system role manager. That would be nice. For example, when people are on vacation, sometimes it gets a little hard to administrate system roles."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 142 reviews while One Identity Manager is ranked 3rd in Identity Management (IM) with 75 reviews. CyberArk Privileged Access Manager is rated 8.8, while One Identity Manager is rated 8.0. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of One Identity Manager writes "The JML is customizable but the support team isn't strong". CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Microsoft Entra ID, Delinea Secret Server, WALLIX Bastion and One Identity Safeguard, whereas One Identity Manager is most compared with SailPoint IdentityIQ, Oracle Identity Governance, EVOLVEUM midPoint, Cisco ISE (Identity Services Engine) and ForgeRock.
We monitor all Privileged Access Management (PAM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
